Security Alerts and Updates

Latest Security Updates for Apple Software
Latest Security Tests from AV-Comparatives

September 2020 (Click listings for more information).
21  Guard your data with these search engines & browsers.
21  Strava app shows your info to nearby users; how to fix.
21  Android malware targets Telegram, Gmail passwords.
20  Why can’t Surface devices have the BEST experience?
20  This Week in Security – by Zack Whittaker.
20  Windows 10 Health Report: Defender fiasco, & more.
20  Why Windows 10 is crashing on Lenovo laptops.
19  Sysmon now logs data copied to the Windows Clipboard.
19  How to fix Windows 10 search problems.
18  Firefox bug lets you hijack nearby mobile browsers via WiFi.
18  The Week in Ransomware – Schools under attack.
18  Spammers use hexadecimal IP addresses to evade detection.
18  Outlook 365 update bug with iCloud: changing a contact error.
17  Hands on with iOS 14’s new data breach notification feature.
17  Apple bug allowed code execution on iPhone, iPad, iPod.
17  US Presidential apps riddled with tracking & security flaws.
17  Microsoft issues Win10 BSOD warning for some Lenovo users.
17  Drug spammers start using technique to bypass spam filters.
16  Privacy-focused search engine DuckDuckGo is growing fast.
16  Chrome makes it easier to reset compromised passwords.
16  ‘C’ Week Preview Updates released for 1809, 1903, 1909 & .NET.
16  Surface Pro & Book devices get firmware & driver updates.
16  This security awareness training email is a phishing scam.
16  Staples data breach caused by bug in order tracking system.
15  Devices vulnerable to new ‘BLESA’ Bluetooth security flaw.
15  Windows Zerologon PoC exploits allow domain takeover.
15  QR Codes Serve Up a Menu of Security Concerns.
15  Apple to release iOS 14, iPadOS 14, & watchOS 7 tomorrow.
15  First-gen Surface Go receives firmware updates with fixes.
15  Adobe releases security update for Adobe Media Encoder.
15  ‘Finger’ command can be abused to download or steal files.
14  Patch Lady – Checking on your vote (USA centric).
14  VA notifies Veterans of compromised personal information.
14  TikTok fixes flaws that opened Android app to compromise.
14  Magento stores hit by large automated hacking attack.
14  Staples discloses data breach exposing customer info.
14  BlindSide attack uses speculative execution to bypass ASLR.
13  This Week in Security – by Zack Whittaker.
13  Patch Lady – just a kind reminder about Office 2010.
12  Patch Lady – HP support assistant being a bad patcher.
11  The Week in Ransomware – A barrage of attacks.
11  Windows 10 Control Panel gets another nail in its coffin.
11  Hacking Windows passwords via your wallpaper.
10  Zoom adds two-factor authentication support to all accounts.
10  State-backed hackers are targeting the 2020 US elections.
10  Beaucoup bugs beset this month’s Windows patches.
09  Google squashes critical Android Media Framework bug.
09  Vulnerability allows overwrite of Bluetooth authentication keys.
09  Microsoft Office security updates fix critical RCE bugs.
09  It’s time to be thinking about saving a copy of Win10 v2004.
09  Win10 2004 KB4571756 breaks Windows Subsystem for Linux 2.
09  Spyware labeled ‘TikTok Pro’ exploits fears of US ban.
08  Win10 links servicing stack updates with cumulative updates.
08  Microsoft September Patch Tuesday fixes 129 vulnerabilities.
08  Here’s what’s new for Windows 8.1 & 7 this Patch Tuesday.
08  Win10 cumulative updates KB4571756 & KB4574727 released.
08  Adobe flaws allow attackers to run JavaScript in browsers.
08  The September 2020 Microsoft patches are out.
08  Academics find crypto bugs in 306 popular Android apps.
08  Google Chrome starts blocking ads that slow down the browser.
08  Microsoft fixes Win10 bug causing excessive SSD defragging.
07  Windows 10 Sandbox activation enables zero-day vulnerability.
07  Windows 10 themes can be abused to steal Windows accounts.
07  Microsoft’s Surface Book 3 gets a big batch of updates.
07  With Patch Tuesday near, get Windows Update locked down.
05  Malware gang uses .NET library to generate Excel docs.
05  Visa warns of new Baka credit card JavaScript skimmer.
04  The Week in Ransomware – Stay Alert!
04  You can install the August Windows & Office patches now.
04  Phishing adds overlay on official company page to steal logins.
04  WhatsApp discloses 6 bugs via a dedicated security site.
04  Firefox will add new drive-by-download protection in Oct.
03  KB4571744 released for those on the Win10 May 2020 Update.
03  Warner Music Group’s e-commerce stores compromised.
02  Microsoft Defender can now be used to download malware.
02  PowerToys 0.21.1 released with a bunch of bug fixes.
02  DNS-over-HTTPS support added to Chrome on Android.
02  Emotet malware uses fake ‘Windows 10 Mobile’ attachments.
02  Joker Spyware Plagues More Google Play Apps.
02  Microsoft Office update changes Outlook fallback encryption.
02  Intel microcode updates for Win10 fix CPU hardware bugs.
02  Hackers abuse Google DNS over HTTPS to download malware.
02  Surface Laptop 3 15-inch gets new firmware & driver updates.
01  Credit card data smuggled via private Telegram channel.
01  Firefox 80.0.1 rolls out to fix crashes & download issues.

August 2020 (Click listings for more information).
31  Microsoft August Patch Alert – by Woody Leonhard.
31  Win10 2004 blocked on devices with LTE cellular modems.
31  Lenovo warns of Win10 2004 crashing ThinkPad laptops.
31  Malware authors trick Apple into trusting malicious apps.
31  Browsing histories are unique enough to identify users.
31  Hackers are backdooring QNAP NAS devices with RCE bug.
30  This Week in Security – by Zack Whittaker.
30  CenturyLink issue led to outages on Hulu, Steam, more.
30  Android apps that were part of an ad fraud botnet removed.
29  Emotet malware’s new attachment is just as dangerous.
28  Email service provider is under siege from hacked accounts.
28  Academics bypass PINs for Visa contactless payments.
28  Instagram ‘Help Center’ phishing scam pilfers credentials.
28  Microsoft has re-released another version of KB 4023057.
28  UltraRank hackers steal credit cards from hundreds of stores.
27  Qbot steals your email threads again to infect other victims.
27  Lemon_Duck cryptominer malware targets Linux devices.
27  Facebook hits back at Apple’s iOS 14 privacy update.
26  Windows 10 1803 end of service delayed due to pandemic.
26  Many websites are using browser fingerprinting scripts.
26  Hackers exploit Autodesk flaw in cyberespionage attack.
25  Chrome 85 released with security fixes, app shortcuts, AVIF.
25  Firefox 80 released with new and faster extensions blocklist.
24  Zoom went down and schools got a digital snow day.
24  Researcher discloses Safari bug after Apple’s delayed patch.
24  Office 365 now opens attachments within an isolated sandbox.
24  Microsoft 365 Admin Portal down, Office 365 services affected.
24  Google Chrome 85 fixes WebGL code execution vulnerability.
23  This Week in Security – by Zack Whittaker.
22  Install Win10 updates manually with this open-source tool.
22  Win10 update causing BSOD, slow performance for some.
22  How to run Windows 10 programs in a WSL Linux shell.
21  The Week in Ransomware – Ransomware Ahoy!
21  Freepik data breach: Hackers stole 8.3 million records.
21  Windows 10 Settings gets a modern Disk Management tool.
21  US regulator warns of phishing sites impersonating brokers.
21  Google Autofill on Android supports biometric authentication.
21  FBI, CISA Echo Warnings on ‘Vishing’ Threat.
20  Microsoft Defender can no longer be disabled via the Registry.
20  WSL2 rolling out to devices running Windows 10 1903 & 1909.
20  Win10 KB4566116 update fixes crashing settings, unlock bug.
20  Faulty Lightroom for iOS update wipes users’ images & presets.
20  Windows 10 Updates Health Report – KB4566782 & KB4565351.
20  Gmail bug allowing attackers to send spoofed emails fixed.
19  Microsoft issues out of band KB4578013 security update.
19  Spotify hit with outage after forgetting to renew a certifficate.
19  Voice Phishers Targeting Corporate VPNs.
19  Lucifer cryptomining DDoS malware now targets Linux systems.
19  Airline DMARC policies lag, opening flyers to email fraud.
18  Zoom web client outage prevents users from joining meetings.
18  Microsoft Defender ATP adds malicious behavior blocking feature.
18  Duri campaign smuggles malware via HTML and JavaScript.
17  Windows 10 May 2020 Update is finally ready for more PCs.
17  Microsoft plans to ditch legacy Edge & IE 11 browsers.
17  Microsoft Put Off Fixing Zero Day for 2 Years.
16  This Week in Security – by Zack Whittaker.
15  The Week in Ransomware – Crime made easy.
15  Windows 10 features that boost your computer’s security.
15  U.S. spirits & wine giant hit by cyberattack, 1TB of data stolen.
14  Security researchers secretly distributed an Emotet vaccine.
14  Mac users targeted by spyware spreading via Xcode projects.
14  Emotet malware strikes U.S. businesses with COVID-19 spam.
14  Patch Lady – want to know what is in those URLs?
14  Medical debt collection firm R1 RCM hit in ransomware attack.
14  Instagram retained deleted user data despite GDPR rules.
14  Windows Defender deletes mislabeled Citrix components.
14  Issues with Windows 10 KB4565351 & KB4566782 updates.
13  Patch Lady – Defender not having a good week.
13  Apple iOS 13.6.1 will fix green tint issues on some displays.
13  Alexa flaw that could expose personal information found.
13  Signal adds message requests to stop spam & protect privacy.
13  CISA alert: phishing attack targets SBA loan relief accounts.
12  Windows, IE11 zero-day vulnerabilities chained in attack.
12  Dharma created a hacking toolkit to make cybercrime easy.
12  Attack can decrypt 4G (LTE) calls to eavesdrop on calls.
12  Two basic flaws make it easy for hackers to break into systems.
12  TikTok used Android loophole to collect MAC addresses.
12  Google discloses flaw in Windows following incomplete fix.
12  Key places where everyone should plant their virtual flags.
11  Microsoft August Patch Tuesday fixes 2 zero-days, 120 flaws.
11  Win10 cumulative updates KB4566782 & KB4565351 released.
11  Here’s what’s new for Windows 7 & 8.1 this Patch Tuesday.
11  Welcome to the August 2020 Patch Tuesday plop.
11  Samsung fixes Galaxy flaws allowing spying, data wiping.
11  Adobe fixes critical code execution bugs in Acrobat & Reader.
11  Google releases security updates for Chrome.
11  Apple releases security updates for iCloud for Windows.
10  Twitter having issues sending account verification codes.
10  vBulletin fixes ridiculously easy to exploit zero-day RCE bug.
10  Agent Tesla malware steals passwords from browsers, VPNs.
10  Google fixes audio recording blip in smart speakers.
10  1Password is finally releasing a desktop Linux client.
10  Google Chrome browser bug exposes users to data theft.
10  Hacked government, college sites push malware via fake tools.
10  It’s Patch Tuesday time – by Woody Leonhard.
09  This Week in Security – by Zack Whittaker.
09  ProctorU confirms data breach after database leaked online.
08  Useful Registry hacks to optimize your Windows 10 experience.
08  Bugs in HDL Automation expose IoT devices to remote hijacking.
08  Samsung rolls out Android updates fixing critical vulnerabilities.
07  The Week in Ransomware – Businesses under siege.
07  U.S. (NCSC): election interference tied to Russia, China, Iran.
07  Microsoft Defender throwing error Events 7000, 7001.
07  Reddit hit by coordinated hack promoting Trump’s reelection.
07  The ‘Have I Been Pwned Code Base’ is being open sourced.
07  CCleaner fixes bug that wipes Firefox extension settings.
07  TeamViewer fixes bug that lets attackers access your PC.
07  Ubuntu 20.04.1 LTS out now opening LTS upgrade path.
06  50% of all smartphones affected by Qualcomm Snapdragon bugs.
06  KrØØk attack variants impact Qualcomm, MediaTek Wi-Fi chips.
06  Bug in Windows print spooler lets malware run as admin.
06  Hackers abuse lookalike domains & favicons for credit card theft.
06  Firefox gets fix for evil cursor attack.
05  LastPass adds ‘Security Dashboard’ and dark web monitoring.
05  High-severity Android RCE flaw fixed in security update.
05  LibreOffice 7.0 launched with OpenDocument Format 1.3 support.
05  Win10 version 2004 gets ‘optional’ fixes for many problems.
04  The fixes to the Linux BootHole fixes are in.
04  Facebook plugin bug allows hijacking of websites’ chat.
04  Networks exposed to attacks due to Windows 7 end of life.
04  Suspicious Canon outage leads to data loss.
04  Firefox adds protections against redirect tracking.
04  NSA offers advice on how to reduce location tracking risks.
03  Win10: HOSTS file blocking telemetry is flagged as a risk.
03  Zello resets all user passwords after data breach.
03  Google will integrate its Nest devices with ADT’s system.
03  FBI sees big surge in online shopping scams.
03  Surface Pro 7 gets firmware and driver updates.
03  Robocall Legal Advocate Leaks Customer Data.
02  This Week in Security – by Zack Whittaker.
02  Havenly discloses data breach after 1.3M accounts leaked.
01  Garmin received decryptor for WastedLocker ransomware.
01  How to fix Windows Update problems in Windows 10.
01  Phishing campaigns, from first to last victim, average 21h.
01  How to see what’s using the most disk space in Windows 10.
01  New Win7 Extended Security Updates licensing package.

July 2020 (Click listings for more information).
31  The Week in Ransomware – Cooked Crab.
31  Four bugs plague Grandstream ATAs for VoIP users.
31  PowerToys update fixes launcher, adds color picker.
31  Microsoft fixes Win10 2004 Bluetooth and Intel GPU issues.
31  Win10 2004 KB4568831 update released with printing fixes.
31  QNAP urges updating Malware Remover after QSnatch alert.
31  Bypassing Windows 10 UAC with mock folders & DLL hack.
31  Three Charged in July 15 Twitter Compromise.
31  Now is the time to install the July Windows & Office patches.
31  BootHole fixes cause boot problems in multiple Linux distros.
30  KDE archive tool flaw let hackers take over Linux accounts.
30  Microsoft Patch Alert – by Woody Leonhard.
30  Startups disclose data breaches after 386M records leak.
30  Two Tor zero-days disclosed, with more to come.
30  Is your chip card secure? Much depends on where you bank.
30  TrickBot’s Linux malware covertly infects Windows devices.
29  Zoom bug allowed cracking of private meeting passwords.
29  Linux distros fix new Boothole bootloader bug.
29  CCleaner detected as a Potentially Unwanted Application.
29  Bootloader bug lets hackers hide malware in Linux, Windows.
29  All Windows downloads signed with SHA-1 to be removed.
28  Emotet malware steals email attachments to attack contacts.
28  Microsoft’s Family Safety app now generally available.
28  New Surface Laptop 2 firmware improves hibernation stability.
28  Hacker leaks 386 million user records from 18 companies.
28  The Windows 10 ‘End-of-Service’ myth – Woody Leonhard.
28  Netflix credential phishing hides behind working CAPTCHA.
28  Final update for the old Firefox for Android browser released.
28  Firefox 79 is out – it’s a double-update month so patch now!
28  Google Releases Security Updates for Chrome.
27  Win10 Desktop Windows Manager crashes due to DirectX bug.
27  Garmin confirms ransomware attack, services returning online.
27  62,000 QNAP NAS devices have been infected with malware.
26  This Week in Security – by Zack Whittaker.
26  GPS, run & activity saving glitch of Garmin smartwatches.
26  Dave data breach affects 7.5 million users.
25  Microsoft Edge now blocks abusive spam notifications.
25  Google reportedly collects rival Android app data.
24  52 problematic skills on the Alexa store targeting children.
24  Microsoft investigating Windows 10 Sandbox failing to open.
24  The Week in Ransomware – Navigation failure.
24  Patch Lady – Windows 7 ESU and the .NET patch problem.
24  Windows Update is a bifurcated mess – Woody Leonhard.
24  Malicious ‘Blur’ photo app campaign discovered on Google Play.
24  5 severe D-Link router vulnerabilities disclosed, patch now.
23  Garmin services & production go down after ransomware attack.
23  How to stop Microsoft Edge launching automatically on login.
23  ASUS home router bugs open consumers to attacks.
23  Remove unwanted Windows 10 apps with this new tool.
23  Twitter hackers read private messages of 36 high-profile accounts.
23  New botnet uses SMB exploit to spread to Windows systems.
23  New attack can replace content in digitally signed PDF files.
22  Patch Lady – so why did I get that?
22  Microsoft Outlook deletes mails for some POP accounts.
22  D-Link firmware encryption key exposed in unencrypted image.
22  Critical SharePoint flaw dissected, RCE details now available.
22  Botnet exploits Windows SMB to mine for cryptocurrency.
22  Microsoft releases some optional, non-security, Win10 patches.
22  Leak exposes private data of genealogy service users.
22  ‘Meow’ attack has wiped dozens of unsecured databases.
21  Win10 KB4559004 released to fix wireless LTE connectivity.
21  Emotet botnet is now heavily spreading QakBot malware.
21  Malwarebytes fixes bugs causing Windows 10 2004 issues.
21  Outlook affected by one-minute startup delays on Windows 10.
21  Adobe Photoshop gets fixes for critical security vulnerabilities.
21  Phishers use Google Cloud Services to steal Office 365 logins.
20  Microsoft will disable insecure TLS in Office 365 on Oct 15.
20  Emotet-TrickBot malware duo is infecting Windows machines.
20  Office 365 adds new security configuration analysis feature.
20  Microsoft investigates Win10 2004 ‘No Internet’ bug, how to fix.
20  Windows 10 Store tool lets attackers bypass antivirus.
19  This Week in Security – by Zack Whittaker.
19  How to use Windows 10 File History to make secure backups.
19  Microsoft Edge 84 improves privacy with Storage Access API.
18  Twitter says hackers downloaded the data of eight users.
18  Windows 10 2004: List of compatibility issues blocking updates.
17  The Week in Ransomware – Freshly squeezed.
17  Emotet spam trojan surges back to life after 5 months of silence.
17  Magento adds 2FA to protect against card skimming attacks.
17  Microsoft fixes Win10 2004 boot fails caused by Disk Cleanup.
17  Cisco releases security fixes for critical router vulnerabilities.
16  Google: bug erroneously shows security alerts for TiVO devices.
16  Who’s Behind Wednesday’s Epic Twitter Hack?
16  T-Mobile announces launch of the new Scam Shield service.
16  Android banking trojan steals information from 337 apps.
16  Amazon-themed phishing campaigns evade security checks.
16  Outlook went down for 4 hours Wednesday. What happened?
16  LokiBot redux attacks massive list of common Android apps.
15  High profile Twitter accounts hacked in cryptocurrency scam.
15  Cisco fixes critical pre-auth flaws allowing router takeover.
15  Microsoft Outlook is crashing worldwide, how to fix.
15  Microsoft removes Win10 2004 Thunderbolt dock update block.
15  Microsoft Office July security updates patch critical RCE bugs.
14  Microsoft fixes Win10 issue causing reboots, LSASS crashes.
14  Chrome 84 released with important security enhancements.
14  Win10 2004 servicing stack update fixes privilege escalation bug.
14  Microsoft July Patch Tuesday: 123 vulnerabilities, 18 Critical!
14  Win10 cumulative updates KB4565503 & KB4565483 released.
14  Wattpad data breach exposes account info for millions of users.
14  Adobe fixes critical bugs in Creative Cloud, Media Encoder.
14  Android chat app uses public code to spy, exposes user data.
13  LiveAuctioneers reports data breach of 3.4 million user records.
13  It’s Patch Tuesday time – by Woody Leonhard.
12  This Week in Security – by Zack Whittaker.
12  Use Windows 10’s Storage Sense to free up Disk Space.
11  Zoom fixes zero-day RCE bug affecting Windows 7.
11  TrickBot malware mistakenly warns infected victims.
11  How to enable Windows 10’s hidden features using Mach2.
11  The Win10 version 2004 upgrade blocks just keep comin’.
10  Magstripe versions created from EMV & contactless cards.
10  The Week in Ransomware – A quiet week.
10  Protect your Verizon number from SIM swapping attacks.
10  Backdoor accounts discovered in 29 FTTH devices.
09  New Google Ads policy will ban stalkerware ads.
09  Zoom working on patching zero-day in Windows client.
09  Office 365 phishing uses fake Zoom suspension alerts.
09  Joker malware keeps evading Google Play Store defenses.
09  Pre-installed malware found in budget US smartphones.
08  Microsoft warns of Office 365 phishing via OAuth apps.
08  NVIDIA fixes code execution bug in GeForce Experience.
08  Most bugs in Microsoft’s June patches have been fixed.
08  Microsoft fixes Word, Skype hangs in Office updates.
08  15 billion credentials currently for sale on hacker forums.
07  ThiefQuest info-stealing Mac wiper gets free decryptor.
07  Mozilla suspends Firefox Send service to address abuse.
07  ‘Keeper’ hacking group behind hacks at 570 online stores.
07  Cerberus banking Trojan infiltrates Google Play.
06  Android Users Hit with ‘Undeletable’ Adware.
06  Purple Fox EK Adds Microsoft Exploits to Arsenal.
06  Win10 version 2004 upgrade block: What needs your attention.
06  Home routers warning: They’re riddled with known flaws.
06  North Korean hackers linked to credit card stealing attacks.
05  This Week in Security – by Zack Whittaker.
05  Windows 10’s Microsoft Store Codecs patches are confusing.
04  New extension warns of website port scans, local attacks.
04  E-Verify’s “SSN Lock” is Nothing of the Sort.
04  Companies are reporting ransomware attacks as data breaches.
04  The OneDrive connectivity bug isn’t just in Win10 version 2004.
03  The Week in Ransomware – Yes, Macs need antivirus.
03  Apple macOS Big Sur feature to hamper adware operations.
03  Windows 10 2004 breaks OneDrive connectivity for some users.
02  AdwCleaner can now be used from the command line.
02  16 Facebook apps caught secretly sharing data with 3rd parties.
02  Workaround for Win10 version 2004 Storage Spaces issue.
01  Windows malware uses DNS to smuggle stolen credit cards.
01  Emergency Firefox update rolled out to fix search issues.
01  Android FakeSpy malware spreads via SMS phishing.
01  Microsoft lifts Win10 2004 update block on Surface devices.